Users trying to send email to an outgoing SMTP server that hasn't been maintained this decade may see a warning, but I doubt there are still that many broken server out there that can't be replaced or updated on short notice once the domain admin gets told Gmail can't reach them.

What we're talking about here is a TLS negotiation. So, when you connect to a TLS server, in this case to deliver email to Gmail over SMTP - you tell it what ciphers you know [the RFCs list "Mandatory to implement" ciphers, but the IETF do not have an enforcement arm, so you could choose to list only ciphers you made up here for whatever that's worth] - and then the server picks one from your list.

Google's change here is when a client calls Gmail and professes that the least awful cipher it knows is 3DES, that's too bad, connection failed.

So yes, this only affects email which was previously using this awful cipher and now just can't be delivered instead.

You can never imagine how many people are still using WinXP, or other forgotten legacy clients/servers that only support up to TLS 1.0 and RC4/DES/3DES without realizing it.

>On its face, ECPA seems to allow a government agency to compel a communications provider to disclose the content of certain types of emails and other content with a subpoena or an ECPA court order (described below). But Google requires an ECPA search warrant for contents of Gmail and other services based on the Fourth Amendment to the U.S. Constitution, which prohibits unreasonable search and seizure.

Essentially, they're saying that they think they would win a constitutional challenge if the government were to try and fight them on this. It doesn't look like the government has taken them up on that to date.

Similar policy from Apple[1]:

> For all requests from government and law enforcement agencies within the United States for content, with the exception of emergency circumstances (defined in the Electronic Communications Privacy Act 1986, as amended), Apple will only provide content in response to a search warrant issued upon a showing of probable cause, or customer consent.

Meta[2]:

>A search warrant issued under the procedures described in the Federal Rules of Criminal Procedure or equivalent state warrant procedures upon a showing of probable cause is required to compel the disclosure of the stored contents of any account, which may include messages, photos, videos, timeline posts, and location information.

[0] https://support.google.com/transparencyreport/answer/9700059...

[1] https://www.apple.com/legal/privacy/law-enforcement-guidelin...

[2] https://about.meta.com/actions/safety/audiences/law/guidelin...

And if it hasn't been updated for that long, it probably doesn't support TLS 1.2 and is getting rejected from just about everything for that reason.

TLS libraries do drop old, weak ciphers from time to time. But thanks to auto-negotiating, this will only be a problem if your TLS lib is so out-of-date that it doesn't support any still-trusted alternatives.

Which brings me back to why this story is so strange: "Gmail upgrades TLS library, drops old insecure algorithm that OpenSSL had dropped almost 10 years ago."